[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mass bug filing: Cryptographic protection against modification

On Tue, May 04, 2004 at 08:10:36AM +0200, Florian Weimer wrote:
> A few packages contain "software" (well, everything's software these
> days) which is cryptographically protected against modification.  This
> seems to violate DFSG §3.

> Such packages include:

>   - apt (in experimental, can be fixed)
>   - mozilla-psm
>   - debian-keyring
>   - ssl-cert

> and a few more.

What in the world does "cryptographically protected against
modification" mean?  If you're talking about packages that ship only the
public half of an asymmetric key pair, this is inane.  The public key is
its own source, and you're free to modify it; it just isn't guaranteed
to work if you modify it.  Nowhere does the DFSG say that software must
continue to *work* after you make arbitrary and idiotic changes to them.

Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to: